
System and Method for Building Intelligent and Distributed L2 - L7 Unified Threat Management Infrastructure for IPv4 and IPv6 Environments

A threat management infrastructure and intelligent distribution technology, applied in the field of intelligent and distributed L2-L7 unified threat management infrastructure for IPv4 and IPv6 environments, can solve the problems of inability to take action, inability to maintain connection information for packet filters, and inability to enforce service quality, so as to optimize the processing of future traffic and enforce the effect of quality of servi

Active Publication Date: 2012-11-29
CA TECH INC
Cites: 16; Cited by: 54

AI Technical Summary

Benefits of technology

[0016] The security gateway may be further configured to provide real-time ratings and protection against undesired web content for a network associated with the security gateway, to evaluate the network traffic for potential data loss from a network associated with the security gateway, and to provide application filtering and controls while enforcing quality of service. All of these features may be included “on-box”, within a single appliance configured to scan inbound traffic for a network associated with the security gateway for viruses and malware, and to scan outbound traffic from the network for data leaks, without diverting the traffic off of the appliance. Any initial classifications may be updated by consuming additional data bytes of the traffic until a definitive application type is identified. In this way, an L2-L4 firewall engine may be updated dynamically, to optimize processing of future traffic.

Problems solved by technology

While the use of IP has advantages, its widespread use exposes enterprise and other networks to certain risks.
These packet filters generally were not able to take action according to whether individual packets were part of existing traffic flows.
That is, packet filters did not maintain any information concerning connection state and instead operated only on information contained within the individual packets themselves.
A slightly more intelligent firewall may be able to identify traffic at higher OSI layers, but cannot associate, for example, a specific user with an application.


Embodiment Construction

[0028] Described herein are systems and methods which integrate firewall and UTM infrastructures with application proxy technology to provide a unified solution for IPv4 and IPv6 environments. In one embodiment, functionality provided by the present invention is instantiated in a next-generation security gateway (NGSW) that can classify traffic flows according to specific named applications (e.g., those applications responsible for producing and/or consuming the network traffic). This information is then used to enforce L3-L7 policies (e.g., as defined by system administrators). The defined policies may be written and expressed in natural language, for example:

[0029] If Application==QQLive, User==John Doe, time==9:00AM, Block file transfer within QQLive

[0030] In general, the policies may be instantiations of security rules for an enterprise or other network communicatively coupled to the NGSW and may be associated with one or more connection management actions such as load balancing, t...
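As an added illustration (not code from the patent or from any product), the sketch below parses the rule format shown in [0029] and evaluates it against flow records. The flow field names, the `inspect` verdict returned while a classification is not yet definitive, and exact-minute time matching are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, time

RULE = ("If Application==QQLive, User==John Doe, time==9:00AM, "
        "Block file transfer within QQLive")  # rule text from [0029]

@dataclass
class Policy:
    conditions: dict  # lower-cased field name -> required value
    action: str       # "block" or "allow"
    activity: str     # activity the action applies to
    application: str  # application the activity is scoped to

def parse_policy(text):
    """Parse 'If k==v, k==v, ..., <Block|Allow> <activity> within <App>'."""
    if not text.startswith("If "):
        raise ValueError("rule must start with 'If '")
    *conds, verdict = [part.strip() for part in text[3:].split(",")]
    conditions = {}
    for cond in conds:
        key, sep, value = cond.partition("==")
        if not sep or not value.strip():
            raise ValueError(f"malformed condition: {cond!r}")
        conditions[key.strip().lower()] = value.strip()
    m = re.fullmatch(r"(Block|Allow)\s+(.+?)\s+within\s+(\S+)", verdict)
    if m is None:
        raise ValueError(f"malformed action: {verdict!r}")
    if "time" in conditions:  # assumed format: 12-hour clock, e.g. 9:00AM
        conditions["time"] = datetime.strptime(conditions["time"], "%I:%M%p").time()
    return Policy(conditions, m.group(1).lower(), m.group(2).lower(), m.group(3))

def decide(policy, flow):
    """Return the action, 'inspect' while classification is provisional,
    or None when the rule does not apply to this flow."""
    if not flow["definitive"]:
        return "inspect"  # assumption: keep consuming bytes before enforcing
    if (flow["application"], flow["activity"]) != (policy.application, policy.activity):
        return None
    if any(flow.get(k) != v for k, v in policy.conditions.items()):
        return None
    return policy.action

# Constructed flow records; field names are hypothetical.
base = {"application": "QQLive", "user": "John Doe", "time": time(9, 0),
        "activity": "file transfer", "definitive": True}
SAMPLE_FLOWS = [
    {**base, "application": "unknown", "definitive": False},  # early bytes only
    base,                                                     # full match
    {**base, "user": "Jane Roe"},                             # different user
    {**base, "activity": "video stream"},                     # same app, other activity
]
POLICY = parse_policy(RULE)
VERDICTS = [decide(POLICY, f) for f in SAMPLE_FLOWS]
```

A rule that names an application can only be enforced once the flow's classification is definitive, which is why the first constructed flow yields `inspect` rather than a verdict.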


Abstract

A security gateway appliance is configured to evaluate network traffic according to security rules that classify traffic flows according to specifically identified application programs responsible for producing and/or consuming the network traffic and to enforce policies in accordance with network traffic classifications. The appliance includes an on-box anti-virus/anti-malware engine, on-box data loss prevention engine and on-box authentication engine. One or more of these engines is informed by an on-box dynamic real time rating system that allows for determined levels of scrutiny to be paid to the network traffic. Security gateways of this type can be clustered together to provide a set of resources for one or more networks, and in some instances as the backbone of a cloud-based service.

Description

FIELD OF THE INVENTION

[0001] The present invention relates to methods and systems which integrate firewall and unified threat management (UTM) infrastructures with application proxy technology to provide a unified solution for IPv4 and IPv6 environments.

BACKGROUND

[0002] Many application programs make use of the Internet Protocol (IP) version 4 (IPv.4) and IP version 6 (IPv.6) when being accessed across local and wide area networks as well as across the Internet. While the use of IP has advantages, its widespread use exposes enterprise and other networks to certain risks. Similar threats are faced with traffic running over other protocols (e.g., file transfer protocol (FTP), simple mail transfer protocol (SMTP), etc.), and so companies must be vigilant in regulating traffic passing into and out of their networks, irrespective of origin and with due attention paid to the content, or payload, of data packets in addition to packet header information.

[0003] Traditionally, firewalls have bee...


Application Information

IPC(8): G06F21/20
CPC: H04L63/0218, H04L63/0245, H04L63/20, H04L67/327, H04L63/145, H04L67/63, H04L63/0263, H04L63/0281, H04L63/1425
Inventor: LI, QING; FREDERICK, RONALD ANDREW; CLARE, THOMAS A.
Owner: CA TECH INC